Website security and protecting visitor data

What does it mean to say that a web site or page is 'secure'?

To help users identify whether a web page is secure or not, most browsers like Chrome, Internet Explorer, Firefox, and Safari display an 'http' (not secure) or 'https' (secure) prefix in the address bar. If an https:// prefix is present, it means that data between the visitor's browser and the web server is encrypted. Encrypted website data is much harder for attackers to siphon and decode.

Most of the content pages on your site are not delivered securely, and this is okay.

Web pages on your site that are used to gather customer data, like the Loan Application on our Mortgage sites, are resolved in your browser using an internal address for which we've already registered a security certificate.

This is accomplished through a blanket security certificate that is registered against 'proiwebsites.com' (For our Agent and Mortgage Websites) and 'flexapp1003.com' (for our standalone 1003 product). All other page content on your site is instead loaded with an 'http' prefix using the registered domain associated with your site.

Is my site being ranked as highly as it should be if every page isn't secure?

Google is taking the initiative to use the popularity of their Chrome browser combined with their status as the largest search engine, to influence the rest of the web into standardizing the use of Cryptographic Protocols (TLS/SSL) for the delivery of all website content on the internet.

One of the most visible and public steps that they've taken so far is to introduce a subtle exclamation point to the left of the web address for any non-secure web page.

When clicked, it displays this warning:Your connection to this site is not secure. You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.

Google has not yet started to use this as a meaningful metric for how sites are ranked in search results, or for penalizing sites in a significant way.

We are aware of how important it is to stay on top of current trends in security and web development. It is on our radar to implement encryption throughout our products, but it is not currently a priority. If Google suddenly does begin to negatively affect the ranking of non-secure sites, or if they become more overt with alarming messaging, the project for making our sites completely secure will surely be prioritized.

To help put all of this into perspective, here is a list of other popular websites that are not secure at the time of this writing:

It can cost as much as $1500 per year to register a security certificate. Your regular page content does not warrant this expense, and we do not currently have the infrastructure to track and maintain the Certificate Signing Requests that would have to be installed on our servers for every domain that our customers point to their site. We are currently building the framework that would allow us to offer SSL Registration services in the near future -we'll make an announcement when this becomes available.

Remember, the pages on your site that are used for gathering customer information are already secured by us.